some fixes regarding --check-payload

2025-02-03 05:04:11 +03:00 · 2010-10-29 11:00:23 +00:00 · 2010-10-29 11:00:23 +00:00 · f7d42af046
commit f7d42af046
parent b3b2c3864a
2 changed files with 4 additions and 7 deletions
--- a/lib/utils/checkpayload.py
+++ b/lib/utils/checkpayload.py
@ -50,9 +50,6 @@ def checkPayload(payload):

    if payload:
        for rule, desc in rules:
-            try:
-                regObj = getCompiledRegex(rule)
-                if regObj.search(payload):
-                    logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
-            except: # Some issues with some regex expressions in Python 2.5
-                pass
+            regObj = getCompiledRegex(rule)
+            if regObj.search(payload):
+                logger.warn("highly probable IDS/IPS detection: '%s: %s'" % (desc, payload))
--- a/xml/phpids_rules.xml
+++ b/xml/phpids_rules.xml
@ -56,7 +56,7 @@
    </filter> 
    <filter>
        <id>45</id>
-        <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]*)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,-]+from)]]></rule>
+        <rule><![CDATA[(?:union\s*(?:all|distinct|[(!@]+)?\s*[([]*\s*select)|(?:\w+\s+like\s+\")|(?:like\s*"\%)|(?:"\s*like\W*["\d])|(?:"\s*(?:n?and|x?or|not |\|\||\&\&)\s+[\s\w]+=\s*\w+\s*having)|(?:"\s*\*\s*\w+\W+")|(?:"\s*[^?\w\s=.,;)(]+\s*[(@"]*\s*\w+\W+\w)|(?:select\s*[\[\]()\s\w\.,-]+from)]]></rule>
        <description>Detects basic SQL authentication bypass attempts 2/3</description>
        <tags>
            <tag>sqli</tag>